Elementor Website Builder vulnerabilities

CVE-2026-32352 [MEDIUM] CWE-79 CVE-2026-32352: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.

CVE-2026-32445 [LOW] CWE-862 CVE-2026-32445: Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiti Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.

CVE-2024-50555 [MEDIUM] CWE-79 CVE-2024-50555: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.29.0.

CVE-2025-67588 [MEDIUM] CWE-862 CVE-2025-67588: Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiti Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.

CVE-2024-54444 [MEDIUM] CWE-79 CVE-2024-54444: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.25.10.

CVE-2024-37437 [MEDIUM] CWE-79 CVE-2024-37437: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor.This issue affects Elementor Website Builder: from n/a through <= 3.22.1.

CVE-2023-33922 [MEDIUM] CWE-862 CVE-2023-33922: Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elemen Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2.

CVE-2024-24934 [HIGH] CWE-22 CVE-2024-24934: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elem Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0.

CVE-2023-47504 [HIGH] CWE-287 CVE-2023-47504: Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functi Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4.